NewYork-Presbyterian Hospital Privacy Investigation

NewYork-Presbyterian Hospital (“NYP”) strives to provide exceptional, personalized care that always puts our patients first. We value our patients and community members and understand that maintaining your privacy is of the utmost importance.

📲
We may earn commissions from ads and links on this page.

Recently, NYP became aware of an issue relating to its use of tracking and analytics tools on our public-facing, www.nyp.org website that may have resulted in the sharing of certain patients’ information with the developers of these tools.

Recently it has come to light that NewYork-Presbyterian Hospital's website utilizes "pixels" that track what website visitors do on their computers. These pixels are tracking everything you do once you visit their website. Not only is this an invasion of privacy, but it has come to light that the tracking technology used on the NewYork-Presbyterian website has exposed patient data to third parties. The hospital is claiming that the only information shared were:

• Patients' Names,
• Patients' Addresses,
• Patients' Email Addresses
• Patient Genders.

Affected NewYork-Presbyterian Hospital campus locations may include one of the following:

• NewYork-Presbyterian/Columbia University Irving Medical Center
• NewYork-Presbyterian/Weill Cornell Medical Center
• NewYork-Presbyterian Allen Hospital
• NewYork-Presbyterian Brooklyn Methodist Hospital
• NewYork-Presbyterian Hudson Valley Hospital
• NewYork-Presbyterian Westchester (formerly Lawrence Hospital)
• NewYork-Presbyterian Lower Manhattan Hospital
• NewYork-Presbyterian Queens
• NewYork-Presbyterian Alexandra Cohen Hospital for Women and Newborns
• NewYork-Presbyterian Komansky Children's Hospital
• NewYork-Presbyterian Morgan Stanley Children's Hospital
• Sloane Hospital for Women at NewYork-Presbyterian Morgan Stanley Children's Hospital
• NewYork-Presbyterian Westchester Behavioral Health Center
• NewYork-Presbyterian David H. Koch Center
• NewYork-Presbyterian Brooklyn Methodist Hospital Center for Community Health

NYP began using these tools from third-party service providers on www.nyp.org to understand how visitors interacted with the website. These tools allowed NYP to review website activity to streamline external communications, monitor community engagement and make it easier for patients to connect with care that they need.

NYP disabled the trackers and worked with a forensic firm to fully analyze the information these tools had collected and shared.

In January of 2023, NYP learned that certain information of patients requesting appointments or second opinions or initiating a virtual urgent care visit on www.nyp.org may have been accessed by NYP’s third-party technology service providers.

NYP then reviewed that matter further and determined that the tracking and analytics tools accessed IP addresses and the URL/website addresses of the pages visited, which may have included the provider name and specialty listed on NYP.org. In addition, certain tools were also able to access first name, last name, email address, mailing address, and/or gender if that information was entered on particular pages of the website.

Approximately 54,396 patients were affected.

NYP has not found any evidence that the trackers and analytics tools captured financial information, passwords, payment information, social security numbers or sensitive health information. The trackers and analytics tools also did not collect any protected health information from patient medical records within the NYP Connect patient portal or mobile application.

As required by law, NYP reported this incident to the Department of Health and Human Services, the Office for Civil Rights, and to the Office of the Attorney General in New York State.

Data breaches have increasingly become a cause for concern, as they can lead to long-term damage for those affected. These breaches occur when hackers infiltrate networks to steal personal information, which they may then sell on the dark web, use for identity theft, commit financial theft, or perpetrate other fraudulent activities.

If you were a Facebook user in the United States between May 24, 2007, and December 22, 2022, inclusive, you might be eligible for a cash payment from a Class Action Settlement.
Meta Platforms, Inc., formerly known as Facebook, has reached a settlement in a $725 million class action lawsuit, making it the single largest data privacy class action in U.S. history. The lawsuit alleged that Facebook shared user data with third parties without obtaining permission from its user…

A recent example of a significant data privacy violation is the 2023 Facebook class action settlement, which amounted to a staggering $725 million. This case centered around Facebook's improper sharing of user data with third parties, emphasizing the need for vigilance in protecting personal information.

Taking responsibility for and owning one's personal data is essential in today's digital age. By being proactive in safeguarding our personally identifiable information, we can minimize the risk of falling victim to data breaches and the consequences that come with them. This includes using strong, unique passwords, being cautious about sharing personal information online,

If you were a patient at a NewYork-Presbyterian campus location, your personally identifiable or protected health information may have been leaked to hackers.

Disclaimer: Some information on this site may be considered attorney advertising under your state’s laws and ethical rules. This legal news site and its content is for general information only and is not legal advice. Information on this site may be incomplete or out-of-date.

No attorney-client relationship is created between you and any attorney who publishes content or online forms on this site. Hiring a lawyer is an important decision that should not be based solely on advertisements.

📓
RELATED STORIES
Campaign of Former House Speaker Nancy Pelosi’s campaign has paid an Illinois resident $7,500 for TCPA Violations
Former House Speaker Nancy Pelosi’s campaign has paid an Illinois resident $7,500 in a settlement after the man sued the California Democrat for repeatedly sending unsolicited fundraising texts. The incident sheds light on the importance of adhering to laws regulating unsolicited text messages and c…
New York City Agrees to Pay Over $53 Million in Landmark Settlement for Harsh Jail Conditions.
New York City has agreed to pay more than $53 million to settle a class-action lawsuit covering over 4,000 suspects who were held in harsh conditions at jails on Rikers Island and in the Manhattan Detention Complex, commonly known as the Tombs. The proposed agreement, which requires approval from
Whole Foods Under Fire for Alleged Misrepresentation of Tilapia Fillet Weight
In a recent class action lawsuit, it has been alleged that Whole Foods Market has engaged in false advertising, causing customers to overpay for tilapia fillets. The plaintiff, identified as Daly, claims that he purchased a 365 by Whole Foods Market Tilapia Fillet product in January 2023, which had…